Macro and Worm
what is the difference and which is the most dangerous? :)

October 30th, 2003, 02:07 PM

SirDice

Re: catogery of virus

Quote:

Originally posted here by Penguin Macro and Worm
what is the difference and which is the most dangerous? :)

A macro is just a collection of commands to be executed in a certain order.

A worm is a program that is able to copy itself to other computers.

Macros are usually harmless but I'm guessing you mean macro virusses.

A macrovirus is a virus written in some macro language (like the stuff build into Word).
Virusses can spread to other programs or computers. A virus will also modify/delete other files. A worm will only spread itself around.

October 30th, 2003, 02:15 PM

Penguin

but how does a worm copy itself if i am using web email.. instead of Outlook Express or Outlook.. is there a risk of both as well?

October 30th, 2003, 02:35 PM

PM8228

I'm not an expert but I believe some worms have a built in/their own SMTP engine/server, or they will eat(take) everybody in your address list and email them via your email engine so it appears to have come from you. Then when they get infected this repeats and eventually everything gets clogged with email and your bandwith becomes 0 ;)

-It is I, me-

October 30th, 2003, 02:42 PM

Penguin

so what kind of programming language they using? and will this email infect my PC when i open a web email in my IE browser?

October 30th, 2003, 02:49 PM

PM8228

Quote:

so what kind of programming language they using?

ASM, C, C++ and there are rumors of malicious java code but I do not know anything about that.

Quote:

web email

? As in Hotmail, Lycos, Yahoo?

Disable HTML so that when you open an email with HTML/Java code you see the actual code. Also, do not download stuff that you do not know who it is from. If you do know who it is from, scan it, because you're more likely to get a virus from someone you know than someone you do not (not that they purposly sent it to you).

-JESUS IS COMING!! EVERYBODY LOOK BUSY!!!!-

October 30th, 2003, 03:17 PM

brichards99

how worms work

In general a worm is considered to be a piece of malicious code which spreads itself without end-user intervention . . . unlike a macro virus which requires you to open a document in its appropriate application (hence providing an environment in which the macro is a valid code snippet.)

Worms, therefore, usually require a vulnerability in an already running application or service as a vector for infection. All things being the same, the best way to prevent the spread of a worm is to perform aggressive patching and updating of OS's and applications.

Or unplug anything that requires electricity.

There's a lot of fun stuff to explore here with how a worm is written so that it will execute, seek out a vector for replication, and then perform its nasty little task of replicating itself.

October 30th, 2003, 03:23 PM

PM8228

Quote:

There's a lot of fun stuff to explore here with how a worm is written so that it will execute, seek out a vector for replication, and then perform its nasty little task of replicating itself.

It is really interesting. the part I am most interested in is replication and finding a vector. I do not want to know how to damage systems. Anyway, it is considered blackhat by a lot of people so I do not ask. I assume its using ASM to attach itself to append it self to the beggining and/or end of a file then when conditions are correct, executing replication/exploitation.

-Sam-

October 30th, 2003, 05:59 PM

nihil

As I understand things, a "worm" requires a medium through which to travel. This is typically the internet, or a local network. The true worm will spread of its own accord, recently if you left an unprotected computer connected to the net for 30 minutes or so, you would be almost certain of being infected.

I use the strict definition that worms do not "infect", either the boot sector or files. Infection is what viruses do.

The two terms relate ONLY to how the thing gets about NOT if it does any damage.

A macro is a set of instructions to perform an automated function. The first ones I met were in basic, but since then they are in C, C++ and so on. A true "macro" is a small program used within another (larger) application. Typically you will find them in "office" packages like MS Office, Lotus Smartsuite, Corel and so on.

The significance of this is that you must have the application that they were written for, installed on your machine. For, example, if I sent you a Microsoft Word macro virus, and you did not have word, all you would see would be my macro code in the text editor you used INSTEAD of Word. The actual instruction sequence would not be invoked.

Worms that are network aware, will spread themselves without human intervention, they just look for mapped drives and sub-nets.

More commonly, human intervention is required, as some bozo has to open the e-mail document that carries the worm, or virus. This is not just restricted to e-mail, P2P and messaging applications can also carry them, but mostly they still require a positive reaction from the recipient.

Hope this helps

October 30th, 2003, 08:42 PM

Iaio

you said everything about the macro viruses. But is there any "micro" viruses. Please explain it to me. And yes I AM A NOOB. :)